Originally posted by Tardcore

::sigh:: ::Dusts off the pic from the Real Id kerfuffle::

"You do it to yourself, you do
And that's what really hurts
Is that you do it to yourself
Just you and no one else
You do it to yourself
You do it to yourself"

 

Maybe if these twonks would stop trying to be the Facebook/Twitter/Google of gaming and just go back to focusing on making GOOD games instead, they wouldn't get their teeth knocked out every time they turn around.

i recommend just staying away from gaming in multiplayer mode - and not buying gold.  i can't imagine how anyone could hack my account if they dont know it exists...

Originally posted by Vannor

Originally posted by colddog04

Originally posted by Vannor

Originally posted by AdamTM

Originally posted by itgrowls

It's interesting to me that this is happening when there are free ways of dealing with it. Heck even the authenticators are cheap and free delivery. So why are people posting about this again? It's the users fault if they get hacked at this point due to the security that Blizz emplemented. It really is. I'm not a Blizz fan when it comes to the direction their company is going but i have to say they did the right thing when it comes to security for their players.

So why isn't it mandatory then?

Free option requires recent models of mobile phones... not everyone has them.

So then everyone else has to pay for one.

 

You would think that they would offer a secure service as part of the whole $60 price tag. Seems reasonable to me at aleast.

They offer a secure system. I've never had an account stolen, hacked or wotever in 15 years. I worked as a computer tech for a while and let me tell you... most peoples computers are a mess. A massive trash of a mess. I have no doubt at all that people who lose accounts do so because they can't maintain a computer properly or click on things they shouldn't.

I'm in the same boat you are....

Except I think that if you are nickle and diming someone the way Blizzard is with making people buy authenticators to use their service securely, something is wrong with that.  If you are going to make it a requirement to play on their servers even for single player games, you should probably make sure your system is very secure, otherwise you are inviting the very same kind of PR nightmare they currently are going through.

Originally posted by JeroKane

Originally posted by FrodoFragins

Originally posted by JeroKane

People NEED to understand, that to get into your Battle.net account, they NEED to know your password!

Blizzard isn't going to spread your passwords on the internet! Get a grip!

While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!

So hackers can't just breach / hack Battle.net and then retreive your passwords!  Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).

So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!

A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well!  You cannot make it any easier for a hacker that way!

And who says people like the OP didn't have a keylogger on their PC? How do they know?

You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies!

A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!

I do it myself at least once/twice a week... depending on my internet activity.

Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.

It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!

Cheers

Look up session hijacking.  If Blizzard has a hole in their security they wouldn't need to login.  They just hijack your session from you and boot you from the server. 

That is a whole different matter and would have nothing to do with Battle.net!

However it would be strange if Blizzard hasn't got this covered by their security messures! This is not easy to do!

Session hijacking often happens, when people use public computers like Internet cafes and are careless, by not clearing the browser cache before leaving and/or properly logging off, making sure their account info, etc isn't stored!

Session Hijacking via your home network is almost impossible, as they would need to know your IP address. Again they might get hold of this by hacking fansites that store IP addresses plain text in databases. But still most Providers have security messures in place to detect this.

But seriously tho... I have never heard about this happening in MMO's, especially not with people playing via their home network! Unless they have an open WiFi network with no password or even worse... have no firewall / NAT enabled on their internet router!  You would seriously be suprised how many people don't know about this!

You list of all the ways the individual user should engage in some foresight (and all of them very sound), but how about some foresight on blizzard's part?

You obviously have technical knowledge.  Congrats, you are part of the 1% of PC gamers, and the .0001% of PC users.  I've given hundreds of little impromptu PC best practices behavior to people whose systems i've worked on over the past now 15 years.  and people still keep making the same mistakes.

Most of the players of Diablo IIII are going to be technical idiots.  So you need to take this into account when making your game, especially when you are going to mandate that they login and play online for even single player games.  (those who play almost exclusively single player tend to be more ignorant).  Otherwise, you are looking at a PR nightmare, and one that was entirely forseeable.

Originally posted by dubyahite

There was a guy that wrote a post on another forum about how he acquired  thousands NCSoft accounts in one weekend.

I won't post the link here, because it gets a little bit descriptive of how he did it to the point where this post would probably get modded. 

Also, I will note that this guy is not a "hacker" in the sense that he wasn't doing this maliciously. Just wanted to see what could be done. He submitted all of his data to NCSoft after they had a huge hacking fiasco. This was done to help them determine the amount of people using the same password for a fansite for the game they were playing. 

.

First off, I would state that the methods this guy used are very basic and very legit. This is something anyone with a basic level of network security knowledge could accomplish.

 

 

I'll explain it in simple non-tech terms. 

 

He, acquired a database of over 200,000 users from several fan sites. Remember, a real attacker is always going to take the path of least resistance. This would be much easier than hacking NCSoft's database as fansites are less secure and have less resources. 

 

A portion of those passwords ( around 50k) were crackable. The passwords were encrypted in the database, but simple dictionary based passwords are vulnerable to cracking. I won't detail how he did  it, but he was able to crack the weaker passwords.

He submitted the data of the cracked passwords to NCSoft to compare against their databases. It turned out that about 20% of the accounts on these fansites were using the EXACT same password for the fansite as they were for their game account.

20 FRIGGIN PERCENT.  Imagine if he had a database of 1 million users? or 2 million? 20 percent of those would on average have the same freaking password for their game as they use for a vulnerable fansite. 

 

So here's another twist to this story. A very popular Diablo fansite was being listed by google as having been infected with malware recently. It was incgamers diablo fansite I believe. This almost garuntees that they were compromised. They may not have been the only one.

 

So I have a question for those of you that got hacked.  Are you in the 20%?

 

Occam's Razor would probably apply here.  Your explanation being a lot simpler than session spoofing.

Originally posted by Creslin321

There are SO many arguments in this thread about whose fault it is that your account gets hacked...

Which is kind of sad because I think they COMPLETELY miss the point.

Why do you guys think D3 accounts getting hacked is "news?"  Battle.NET accounts get hacked ALL THE TIME.  You're not going to see all this discussion because someone's WoW account got hacked...trust me.  It's like a daily occurence.

The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked.  You simply weren't exposed to it at all.

But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO.  Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.

So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player.  Discussing who is at fault for the hacking is pointless, that's not what this is really about.  This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.

This.

Dubya can say "well this wouldn't stop the problems", and he is right, to a point.  It wouldn't stop it from those who play online.  Want to do a LAN party for friends on Diablo on your own network?  You could in previous versions.  You can't now.  You have to only use Blizzard.  want to play single player?  You have to connect to Blizzard first.

Blizzard left the door wide open on this.  If they didn't think this through to provide some extra layers of protection, they deserve some blame.  Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.

What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D1 or D2.  not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.

Even something as simple as forcing authenticators with every login would fix a lot of the problems.  Hacking, like pirating, will always occur, and any strategy that will "eliminate it" might as well eliminate gravity.  yet there are simple things that can be done to mitigate the damage this causes, on both the "end user" side, and the "company" side.

Originally posted by iceman00

Originally posted by Creslin321

There are SO many arguments in this thread about whose fault it is that your account gets hacked...

Which is kind of sad because I think they COMPLETELY miss the point.

Why do you guys think D3 accounts getting hacked is "news?"  Battle.NET accounts get hacked ALL THE TIME.  You're not going to see all this discussion because someone's WoW account got hacked...trust me.  It's like a daily occurence.

The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked.  You simply weren't exposed to it at all.

But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO.  Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.

So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player.  Discussing who is at fault for the hacking is pointless, that's not what this is really about.  This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.

This.

Dubya can say "well this wouldn't stop the problems", and he is right, to a point.  It wouldn't stop it from those who play online.  Want to do a LAN party for friends on Diablo on your own network?  You could in previous versions.  You can't now.  You have to only use Blizzard.  want to play single player?  You have to connect to Blizzard first.

Blizzard left the door wide open on this.  If they didn't think this through to provide some extra layers of protection, they deserve some blame.  Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.

What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D2 or D3.  not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.

this x100000000

cant agree more

These accounts aren't necessarily hacked but more likely easily guessed by other players who already have their login names via places like the forums. Once they got a login name they use a bot to try thousands of passwords to try login to that account.

I do not get why they say acounts were "hacked" when most of the time the person with the acount either recived a keylogger or just plain out gave their info threw scams.  So much missleading info flying around its makes me want to throw up.  Buy a authenticator and dont use the password jim1234 and the chances of anything happening to your acount goes down the drain.

Dunno if anyone's mentioned this, but it has just come out recently as well that Battle.net passwords aren't case-sensitive. What the hell kind of idiot made that call? It's one of the most basic possible security measures one can take! Even SONY isn't that fucking stupid!

I'm loving Diablo 3, but I'm pissed off as all hell at Blizzard. It's pretty goddamn obvious they're letting the interns handle network security over there. If I lived anywhere near their HQ I'd be over there wanting to smack the security lead upside the head for sheer dumb-fuckery.

I really can't put into words how pissed off I am about that. Of all the... Jesus, no wonder people are having trouble.

The really funny part, is that the CM's response was "Oh yeah, works like that for all our games! Try it in SC2 and WoW too! :)"

Yes, a smiley...

Edit: CM, not GM

Originally posted by Drokar

Originally posted by Tardcore

::sigh:: ::Dusts off the pic from the Real Id kerfuffle::

"You do it to yourself, you do
And that's what really hurts
Is that you do it to yourself
Just you and no one else
You do it to yourself
You do it to yourself"

 

Maybe if these twonks would stop trying to be the Facebook/Twitter/Google of gaming and just go back to focusing on making GOOD games instead, they wouldn't get their teeth knocked out every time they turn around.

i recommend just staying away from gaming in multiplayer mode - and not buying gold.  i can't imagine how anyone could hack my account if they dont know it exists...

 I still think the it is in the public chat not the games.

Wish someone would ask this on the offical forums. If you were hacked did you use public chat? What channel?

In OB I got this message I was logged in form a different location, got booted and the only thing I did was go to open chat. Didn't think much of it because I was back in game nothing missing or anything out of the ordinary. I think the hackers were testing their program at that time to see if it worked.

Seriously

Originally posted by iceman00

Originally posted by Creslin321

There are SO many arguments in this thread about whose fault it is that your account gets hacked...

Which is kind of sad because I think they COMPLETELY miss the point.

Why do you guys think D3 accounts getting hacked is "news?"  Battle.NET accounts get hacked ALL THE TIME.  You're not going to see all this discussion because someone's WoW account got hacked...trust me.  It's like a daily occurence.

The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked.  You simply weren't exposed to it at all.

But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO.  Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.

So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player.  Discussing who is at fault for the hacking is pointless, that's not what this is really about.  This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.

This.

Dubya can say "well this wouldn't stop the problems", and he is right, to a point.  It wouldn't stop it from those who play online.  Want to do a LAN party for friends on Diablo on your own network?  You could in previous versions.  You can't now.  You have to only use Blizzard.  want to play single player?  You have to connect to Blizzard first.

Blizzard left the door wide open on this.  If they didn't think this through to provide some extra layers of protection, they deserve some blame.  Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.

What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D1 or D2.  not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.

Even something as simple as forcing authenticators with every login would fix a lot of the problems.  Hacking, like pirating, will always occur, and any strategy that will "eliminate it" might as well eliminate gravity.  yet there are simple things that can be done to mitigate the damage this causes, on both the "end user" side, and the "company" side.

This is possible. Thing is, people need to activate it themselves. Same with the authenticator. I read some posts here that say that it's not foulproof because you only need to input a key once every 5-7 days and that it should be every time you log on. Back when the authenticator was introduced, you did need to input the code every time you logged on. People didn't like it, because they want the easiest to play, which is completly understandable. Blizzard acknowledge this and changed it to the current way, as in, using the authenticator once every 5-7 days. However you can still change it to the old way, so that you need to use the authenticator every time you login to a Blizzard game. It's just a little checkbox under the authenticator options. It's listed in the authenticator FAQ too. The only thing Blizzard didn't do, is shouting it from the roof, you know, in a forced message that players don't read through anyway.

The same for the Steam example that you mentioned. This is also a service that Blizzard provides, though not through an e-mailservice (well, if there is one, I'm not aware of it). In case of changes too your Battle.net account or supicious activity. This is what it lists for Diablo 3 specific:

If you play Diablo III...

We may also text you verification codes if we detect suspicious activity and for approving transactions in the real-money auction house.

For I guess security reason, they opted for a SMS service, which is fine with me. After all, if your login details are compromised, changes are that your e-mail details are too compromised.

In the end it's probably better if they would just force people to use the authenticator with every login. Problem is, people don't like that. Which is also the whole problem with Information Security in general. There's this thought of: "It will never happen to me, so I don't need to take these kind of preventing measures!", untill the moment your data does get compromised. I don't think that Blizzard handles the Information Security poorly. No company wants to be in the position that Sony was in not long ago.

So yes, these tales that are going around, of people being 'hacked' and what not, are most likely people who have only themselves to thank for it. Even that article from the reviewer from Tom's Hardware I take with a healthy dose of sceptism. I mean, just mere speculation here, perhaps a co-worker/lover/child logged in on her account when she was away. Because she already used her authenticator two days ago, only her login and password were needed. It sounds silly and childish, but it wouldn't be the first time.

Like I said, I'm not taking Blizzard's side here, it's just that someone has to come with solid proof before to back up claims that they've been hacked, while using an authenticator. If Blizzard's security is compromised however, I'll be reconsidering buying whatever game they'll release next.

Originally posted by dubyahite

Originally posted by Zipp_23

Originally posted by zaylin

Originally posted by Vannor

Everyone knows that when accounts get stolen 99.9% of the time it is the users own fault. Everything in that article is speculation.. words like 'suggested' are evidence that the whole article is completely factless. Even the word 'hacked' isn't accurate right now because no one knows why those items went missing.

Well....honestly I think its more to do with the Battle.Net system than the user. The reason I say this, I had/have a WoW account for 4 years (from Launch),and as soon as they switched to the Battle.Net for WoW my account got hacked 3 times in 6 months,and im a very well versed user.

Agree with that. I never had any problems with wow account, until bliz start using battle.net.. after that, my account got hacked...

Its pretty pointless to  say that I dont click anythink like "get free gold" or use same psw .. and so on, coz most of ppl on forum will simply say its my fault anyway.

Im a big bliz fan, have like all their games. But the thing with acounts beeing hacked right after your not beeing active for some time is sad. But its exactly what is happening.

 

 

There are other possibilities besides "IT'S ALL BLIZZARDS FAULT"  or "IT'S ALL THE USERS FAULT"

Well, do you see any  "its all bliz fault" in my post? guess not...

The security issues of Battlenet are currently the biggest thing keeping me from buying the game. The one time I tried creating an account to briefly try WOW, which lasted all of a week, I was getting emails claiming my acount had been hacked within a week of the account going inactive. I don't know or really care about the details of what the source was, but I'm pretty sure that if it was on my end, I'd be seeing that kind of problem a lot more than with just Battlenet, yet in all the time I've been on the internet, the only game account I've ever had problems with was with Blizzard. I didn't do anything special or unusual on my end with that particular account, so I'm left with the conclusion that something on Blizzard's end is out of whack and has been for some time. Now I read about the "recommendation" to buy an authenticator, and I get a bit suspicious that it may not be hackers, but Blizzard, or one of it's employees, out to make a fast buck one way or another, either by getting me to buy an authenticator or by selling information on inactive accounts. Either way, makes me glad I didn't bother buy the game yet; doesn't matter how good the game is if the surrounding environment is unsecure. Whether or not I eventually buy the game will be directly effected by how this shakes out, espicially after the RMAH is added.

Originally posted by sunshadow21

The security issues of Battlenet are currently the biggest thing keeping me from buying the game. The one time I tried creating an account to briefly try WOW, which lasted all of a week, I was getting emails claiming my acount had been hacked within a week of the account going inactive. I don't know or really care about the details of what the source was, but I'm pretty sure that if it was on my end, I'd be seeing that kind of problem a lot more than with just Battlenet, yet in all the time I've been on the internet, the only game account I've ever had problems with was with Blizzard. I didn't do anything special or unusual on my end with that particular account, so I'm left with the conclusion that something on Blizzard's end is out of whack and has been for some time. Now I read about the "recommendation" to buy an authenticator, and I get a bit suspicious that it may not be hackers, but Blizzard, or one of it's employees, out to make a fast buck one way or another, either by getting me to buy an authenticator or by selling information on inactive accounts. Either way, makes me glad I didn't bother buy the game yet; doesn't matter how good the game is if the surrounding environment is unsecure. Whether or not I eventually buy the game will be directly effected by how this shakes out, espicially after the RMAH is added.

Battle.net is is more ways then one more secure then most other MMO's out there, probably all of them. It's just a side effect of hosting a few of the most popular gaming franchises out there. The spam e-mails you've been getting, I get them too. Though not on the e-mail account I registered my Battle.net or even back in the day, my WoW account too. I get those e-mails on my gmail account, which I mostly use for registering purposes. So the spam isn't necessarly linked to you creating a WoW account.

Concerning the authenticator, for most purposes on the internet I use a two-way-authentication system like this (two-way as in a login/password and the code you get from the authenticator). It's way more secure then just a loginname and a password. I work in the Information Security branch and I can't keep up with all the ways, holes, bugs and exploits floating around. Patchnotes from Microsoft, Adobe and Sun Microsystems (the company behind Java) are an interesting read, just to see how many holes have been patched this time.

There's by the way a free authenticator app for Andriod, iPhone and a few others. If you find this environment unsecure, you should watch out for similar environments too. For example, Steam, Origin, etc.

Originally posted by MikkelB

Battle.net is is more ways then one more secure then most other MMO's out there, probably all of them. It's just a side effect of hosting a few of the most popular gaming franchises out there. The spam e-mails you've been getting, I get them too. Though not on the e-mail account I registered my Battle.net or even back in the day, my WoW account too. I get those e-mails on my gmail account, which I mostly use for registering purposes. So the spam isn't necessarly linked to you creating a WoW account.

Concerning the authenticator, for most purposes on the internet I use a two-way-authentication system like this (two-way as in a login/password and the code you get from the authenticator). It's way more secure then just a loginname and a password. I work in the Information Security branch and I can't keep up with all the ways, holes, bugs and exploits floating around. Patchnotes from Microsoft, Adobe and Sun Microsystems (the company behind Java) are an interesting read, just to see how many holes have been patched this time.

There's by the way a free authenticator app for Andriod, iPhone and a few others. If you find this environment unsecure, you should watch out for similar environments too. For example, Steam, Origin, etc.

For being more secure than most companies, it still has way too many problems. I don't know precisely what those problems are, or what would be needed to be done to fix them, but I've never received anything like it from any other game from any other company, and I've tried most of the big name games at some point in time at least briefly. Given the level of problems, I'm not even inclined to say that outside sources are the problem; there is something within how Blizzard sets up the games and/or handles the account data that just seems to cause problems. I don't usually jump on companies for security issues, especially online security issues, but Blizzard seems to have more than their fair share, and has a long history of having more than their fair share. Whether its internal or external, I just don't like what I see with their security track record, even after accounting for the presence of big target names like WoW and Diablo.

I blame Porn !

Originally posted by sunshadow21

For being more secure than most companies, it still has way too many problems. I don't know precisely what those problems are, or what would be needed to be done to fix them, but I've never received anything like it from any other game from any other company, and I've tried most of the big name games at some point in time at least briefly. Given the level of problems, I'm not even inclined to say that outside sources are the problem; there is something within how Blizzard sets up the games and/or handles the account data that just seems to cause problems. I don't usually jump on companies for security issues, especially online security issues, but Blizzard seems to have more than their fair share, and has a long history of having more than their fair share. Whether its internal or external, I just don't like what I see with their security track record, even after accounting for the presence of big target names like WoW and Diablo.

If by 'way too many problems' you refer to the whole 'not able to play online'-situation, then yes, that should be fixed, rather yesterday then tomorrow. I don't think that Blizzard is just twiddling their thumbs though or swimming in money like Scrouge McDuck. In at most a month I think that the problems concerning server availability will be fixed.

Concerning security, there isn't much more Blizzard can do really. They warn for a lot of things, most importantly for phising attempts, scams, goldsellers, etc. It's more that the general knowledge of most players is severly lacking on these matters. Blizzard recently posted (yesterday I believe) that they still need to encounter a case of someone whose account has been compromised, while he was using the authenticator. Knowing the relative safety a two-way-authentication system provides, rather believe them than some random forum poster that makes the most outrages claims, more often then not witout providing any shred of evidence. Of course it's frustrating if your account get compromised, but more likely then not, it's Blizzard who's to blame, but the ignorance of the user. It sounds harsh, but it's the truth.

These days on the internet isn't a very safe environment. That's a simple fact. In your specific case you only made a trial account for WoW. Now this part is pure speculation, but let's say you did it by clicking on a WoW Trial banner on Cursegaming or another fansite. There is a change that these sites may have been compromised or that the banner was infected. All kinds of tracking malware can already be installed at that point. Some aren't even detected by antivirus software or blocked by the browser. It's hard to get account details directly for these malware, but getting an e-mailadress is not at all impossible. Hence your spam. When I made my account for WoW and later on Battle.net, I did it through first the CD of WoW itself. The upgrade to Battle.net too, I did it through the old WoW account setting site. Both were under secure connections, hence any potential malware would have a hard time getting that e-mailadress. On the other hand, I used my gmail account to register to various forums, from which multiple have probably been compromised already. That's why I get a crapload of spam on that account.

For another realistic example you should read JeroKane's post here from earlier in this thread: http://www.mmorpg.com/discussion2.cfm/post/5009785

The reality is that it's way easier to get crucial information through other means, like third party sites, then it's to 'hack' Blizzard services. Hell, like some people said on a Dutch forum, if hackers already had access to information like the 'SessionID', then it would mean that:

1. Blizzard's server would already have been hacked, in which the whole stealing of SessionID's would only give away the fact that the servers had been compromised. This would be a very silly move from the people that found a leak in Blizzard's security.
2. Or that crucial information is send in plain-text instead of encrypted, like what happens in practically every MMO. In this case, we would see people posting Youtube movies of 'How I hack Diablo 3 accounts', etc. The only thing that some searches produce are silly phising attempts, like the spam you recieved.

A good tip for practically everyone using the internet, is to be very carefull with the information you put up there. There is a reason that people use multiple e-mailaccounts. There is a reason that two-way-authentication gets more and more accepted (and in a sad way, more necessary).

Didn't use any third party site to do anything with WoW. Went straight to Blizzard's site. While I understand your point that the internet is not a safe place, I didn't do anything different with WoW than I did with any other MMO I've tried out, and yet Blizzard is the only one that has had account difficulties of any kind. If it was on my end or related to my surfing habits, I can gaurantee that I would have noticed it with other games and accounts as well. The fact that I haven't makes is highly suggestive that a significant part of the problem lies with Blizzard and how they write and implement their games.

As for the authenticator, if I have to even consider getting an authenticator to play what is still at it's core a single player game without having to worry about my account getitng hacked, I'm not going to be buying the game, it's that simple. I'm not going to be shell over 60 dollars for the game and even more for the authenticator just to play an updated D2 with social features. It may be a good game, but it ain't that good. I wouldn't do it for the vast majority of MMOs, either. If the security issues are truly that serious, and the company consistently has them, I can find better companies to support or other forms of entertainment. The idea that you would need an authenicator to get reliable access to something that is simply entertainment is crazy, and if that's the trend, I won't be buying very many computer games going forward.

Originally posted by sunshadow21

Didn't use any third party site to do anything with WoW. Went straight to Blizzard's site. While I understand your point that the internet is not a safe place, I didn't do anything different with WoW than I did with any other MMO I've tried out, and yet Blizzard is the only one that has had account difficulties of any kind. If it was on my end or related to my surfing habits, I can gaurantee that I would have noticed it with other games and accounts as well. The fact that I haven't makes is highly suggestive that a significant part of the problem lies with Blizzard and how they write and implement their games.

As for the authenticator, if I have to even consider getting an authenticator to play what is still at it's core a single player game without having to worry about my account getitng hacked, I'm not going to be buying the game, it's that simple. I'm not going to be shell over 60 dollars for the game and even more for the authenticator just to play an updated D2 with social features. It may be a good game, but it ain't that good. I wouldn't do it for the vast majority of MMOs, either. If the security issues are truly that serious, and the company consistently has them, I can find better companies to support or other forms of entertainment. The idea that you would need an authenicator to get reliable access to something that is simply entertainment is crazy, and if that's the trend, I won't be buying very many computer games going forward.

It's becoming a trend, so that will mean less games for you I guess, at least on the PC. You didn't give any examples of the other MMO's you played, but I can say from experience that my Aion account and my Rift account both got hacked. The companies in question admitted it that it was their own fault (I wasn't even subscribed to Aion at that moment). They got compromised. Till this day this hasn't happened to Blizzard. The only known security issue with Battle.net, are the users themselves. There're tools that prevent that your account gets compromised, but if you don't want to use them, it's your own fault if it happens.